Behavioral task: behavioral1
Sample: 67d0fff137a0084691e13faeee8fcdcb1c865a97a9ce5f285919dae3bbcb3743.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 67d0fff137a0084691e13faeee8fcdcb1c865a97a9ce5f285919dae3bbcb3743.exe
Resource: win10v2004-20230221-en
General
- Target: 67d0fff137a0084691e13faeee8fcdcb1c865a97a9ce5f285919dae3bbcb3743
- Size: 15KB
- MD5: d9e2318a4888e20e3cb4dffd4ab9d6e2
- SHA1: 04e3943bc554c7fe4d24564fada5a9e2631c9ca8
- SHA256: 67d0fff137a0084691e13faeee8fcdcb1c865a97a9ce5f285919dae3bbcb3743
- SHA512: 2a2f5433a903169a661c1db71edd1ae00dae8a9df91649ab499aeb09ef239b0b8a19ad98cbcd27d5901cedda252b36a9cbeaeee233534e5ba7508d573a0df3cc
- SSDEEP: 192:+mw+bBtcyz0u50JN8BLOL0d8O++BJ+r/1qYvCI0Y7mCuRuxghRV2unnnnnny:+0bLVLOL0dRzmr9qY6pYSCu0mhRe
Malware Config
Signatures
- Blackmoon family
- Detect Blackmoon payload (1 IoC)
  Processes: resource "sample" matched YARA rule family_blackmoon
- Unsigned PE (1 IoC)
  Checks for a missing Authenticode signature (empty security data directory). On its own this is weak evidence: small unsigned executables are common among legitimate tools as well, so it is a supporting indicator next to the family match, not a verdict.
  Processes: resource 67d0fff137a0084691e13faeee8fcdcb1c865a97a9ce5f285919dae3bbcb3743
Files
- 67d0fff137a0084691e13faeee8fcdcb1c865a97a9ce5f285919dae3bbcb3743.exe (windows x86)
  fbd97d49586560263df0b359839a766f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
WriteFile
GetStdHandle
ExitProcess
GetCommandLineA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetProcessHeap
ReadConsoleA
GetModuleHandleA
msvcrt
strchr
atoi
_ftol
malloc
strrchr
free
sprintf
modf
_getch
user32
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
MessageBoxA
GetMessageA
Sections
.text   size 10KB,  virtual size 9KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  size 1024B, virtual size 862B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   size 2KB,   virtual size 63KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   size 1024B, virtual size 664B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ

The .data section's virtual size (63KB) far exceeds its on-disk size (2KB). The loader zero-fills the difference, so the image reserves roughly 61KB of writable, initially zeroed memory at run time; that is where a small loader typically stages decoded data, and it is the first region to dump if the process is run under a debugger or sandbox with memory capture.
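The "Unsigned PE" signature and the header and section data above are the kind of facts a reviewer re-derives from the file rather than taking from the report. The following is an added example, not part of the sandbox report or of any tool it uses: a stdlib-only Python PE header walker that decodes the IMAGE_FILE_HEADER characteristics and section flags, reports the virtual-size/raw-size gap per section, and checks whether the security data directory (where an Authenticode WIN_CERTIFICATE blob lives) is populated. The input is a header-only PE constructed in build_minimal_pe() whose flags and section sizes mirror this report; it is not the sample. To run it on a real file, pass open(path, "rb").read() to parse_pe(). Flag names and offsets are those of winnt.h; the dummy security-directory entry used in the "signed" case is an assumption for exercising the check only.

```python
"""Minimal PE header triage: characteristics, sections, Authenticode presence.

Added example; not part of the sandbox report. Uses only the standard library.
"""
import struct

# Flag names and values from winnt.h (subset relevant to the report).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index into OptionalHeader.DataDirectory


def _flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return characteristics, section summaries and Authenticode presence."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    machine, nsec, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, DataDirectory at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+: 8-byte ImageBase/stack/heap fields shift them
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    dirs = [struct.unpack_from("<II", data, dirs_off + 8 * i) for i in range(ndirs)]
    # The security directory's first field is a file offset (not an RVA) to a
    # WIN_CERTIFICATE; an all-zero entry means no embedded Authenticode signature.
    sec_off, sec_len = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY else (0, 0)

    sections = []
    base = opt + opt_size  # section table follows the optional header
    for i in range(nsec):
        name, vsize, _va, rsize, _rptr, _rel, _ln, _nrel, _nln, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, base + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rsize,
            # Bytes past the raw data are zero-filled by the loader at map time.
            "zero_filled_at_load": max(vsize - rsize, 0),
            "flags": _flag_names(flags, SECTION_FLAGS),
        })
    return {
        "machine": machine,
        "characteristics": _flag_names(chars, FILE_CHARACTERISTICS),
        "sections": sections,
        "authenticode_present": sec_off != 0 and sec_len != 0,
    }


def build_minimal_pe(signed):
    """Constructed header-only PE32 (test input, not the sample from the report).

    Characteristics 0x010F and the .text/.data sizes mirror the report above.
    `signed` writes a dummy (assumed) security-directory entry so the check
    has both outcomes; the offset does not point at real certificate data.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x010F)  # i386, 2 sections
    opt = struct.pack("<HBBIIIIII", 0x10B, 6, 0, 0x2800, 0x400, 0, 0x1000, 0x1000, 0x4000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200,
                       4, 0, 0, 0, 4, 0, 0, 0x14000, 0x400, 0, 2, 0,
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x2C00, 0x1000)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    assert len(opt) == 224
    secs = struct.pack("<8sIIIIIIHHI", b".text", 0x2400, 0x1000, 0x2800, 0x400, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b".data", 0xFC00, 0x4000, 0x800, 0x2C00, 0, 0, 0, 0, 0xC0000040)
    return dos + b"PE\0\0" + file_hdr + opt + secs


if __name__ == "__main__":
    info = parse_pe(build_minimal_pe(signed=False))
    print("characteristics:", ", ".join(info["characteristics"]))
    for s in info["sections"]:
        print("%-6s vsize=%-6d raw=%-6d zero-filled=%-6d %s" % (
            s["name"], s["virtual_size"], s["raw_size"], s["zero_filled_at_load"], "|".join(s["flags"])))
    print("authenticode present:", info["authenticode_present"])
```

A populated security directory only says a signature blob is embedded; it says nothing about whether the certificate chains to a trusted root or the digest matches. Validity needs WinVerifyTrust (or signtool verify /pa) on Windows, or osslsigncode verify elsewhere. Conversely a zero entry is a definitive "unsigned", which is what the sandbox signature above tests.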